How cybercriminals tailor attacks for different age groups of gamers | Kaspersky official blog

Credit to Author: Olga Svistunova| Date: Wed, 01 Mar 2023 09:56:39 +0000

These days, a 12 or 13-year-old kid can become a professional eSports player, while the youngest of them began his career at the ripe old age of… four! The gaming world has become much younger, but all gamers — both children and adults — face multiple cyberthreats. And scammers tailor each of their schemes with a particular age audience in mind.

Although children spend less time playing online games than adults, they remain one of the most sought-after targets for cybercriminals: after all, a kid can often easily lead you to their parent’s bank card.

Free cheese still smells nice

One of the most common scams targeting young gamers takes the form of an offer to generate in-game currency for free. That’s because kids today would rather get in-game currency from their parents than pocket money. To be the coolest-of-the-cool in pretty much any online game, you need virtual coins, and lots of them — such as V-bucks in Fortnite or Robux in Roblox. To avoid having to ask their parents to fork out, children are always on the lookout for free coins, which makes them vulnerable to cybercriminals.

Relying on most children’s rudimentary knowledge of cybersecurity, scammers don’t even bother with clever schemes: they literally spell out what data they want from their victims. For instance, on one phishing site that pretends to generate gems — the currency of the popular children’s game Brawl Stars — users are asked to answer just four questions to get as many gems as they please. As well as the desired number of gems and their in-game name, the user also has to hand over the e-mail address linked to the Supercell online game store and, guess what, the password for it! Why the young gamer needs to share this data, the creators of the site never explain.

Now in possession of the victim’s e-mail, the attackers can get a security code to log in to the Supercell account and hijack it by changing the password. So, instead of picking up lots of free gems, the unfortunate player may lose both their mail account and all their accumulated experience and currency in Brawl Stars.

Free cheeeeeese!

Free cheeeeeese!

Other scams are even more primitive. One site we found invited users to download Valorant cheats that give an advantage over other players, together with a detailed installation guide.

One of the instructions was to disable all antivirus software before installing the file — otherwise the cheat would be flagged as a false positive and not be installed. The executable file is packed in a password-protected Winrar archive, the contents of which cannot be checked by the antivirus before unpacking, and it must be “Run as administrator” so that the virus gains full access to the victim’s computer. The longer the victim’s antivirus is disabled, the more data the scammers can potentially pump out. It helps if the child has their own computer, but what if it’s a shared home computer full of parental data, including passwords and bank card details?

The winner takes it all. From your PC.

The winner takes it all. From your PC.

Almost any adult would smell the cheese in the mousetrap, but to kids who know little about cybercriminal tricks, nothing feels off. Statistics show that malware disguised as Minecraft or Roblox was downloaded 3–4 times more often than games for mature audience. For more examples of child-targeting scams, see our threat report for young gamers.

The more experienced the player, the trickier the scam

To fool hardcore gamers, scammers have to be far more sophisticated. Targeting an adult audience, they create phishing sites that mimic 18+ games, such as GTA Online. But the result is the same: the victim is either scammed out of their data and game account, or asked to take an online “I’m not a robot” test, with the offer of a prize — for example, the latest iPhone or a PlayStation 5. Only, to receive it, a small commission needs to be paid. And as you may have guessed, after paying this the gamer gets no prize and may compromise their bank card instead.

Haven't you seen the "Grand Theft" inscription? You were warned...

Haven’t you seen the “Grand Theft” inscription? You were warned…

Also this year, cybercriminals have learned how to mimic the in-game stores of such popular games as CS:GO, PUBG, and Warface. To get a good skin at a low price, victims had to enter their credentials for Steam, or even for social networks like Twitter or Facebook. As soon as they entered this data, their account fell straight into the hands of the cybercriminals, and all the skins and artifacts there were sold to other gamers.

A farewell to arms

A farewell to arms

Another common trick is to offer bundles (tens or even hundreds) of licensed games for peanuts. But this meager sum must be paid from your bank card. Or you can get a “Battle pass” for free, but to confirm, say, your age, you need to give the numbers on both the front and back of your credit card. No prizes for guessing that this data will most likely be stolen and then sold on the dark web.

It won't ever be as cheap as this! Oh, wait…

It won’t ever be as cheap as this! Oh, wait…

How to protect yourself against such threats?

Whether you’re a rookie or hardcore gamer, the threats you face are the same, and it’s worth knowing how to guard against them:

  • Use strong passwords — a unique one for each account. Then, even if one of your accounts is hijacked, the others will still be yours. Don’t trust your memory? A password manager can help.
  • Protect your accounts further with two-factor authentication.
  • Use virtual bank cards and refill their balance exactly for the purchase amount. By entering the numbers from your bank card, you risk losing all the funds you have there. And remember that a bundle of licensed games selling for a song is a reason to be wary.
  • Install a reliable antivirus solution on your computer — one that works seamlessly with Steam and other gaming platforms.

Kaspersky’s antivirus products have a special game mode that automatically activates when you start games. Antivirus database updates, scheduled drive scans, and notifications are suspended in this mode, but protection continues to run in the background. Which means:

  • your system is securely protected from any malware;
  • your personal data is monitored for leaks;
  • your passwords are stored in a secure, encrypted vault;
  • all links you follow are checked for scams and phishing;
  • your IP address is hidden by a VPN, which encrypts transmitted data and, by choosing the right server, improves ping/latency;
  • finally, the operating system settings are optimized so you don’t lose a single millisecond of gaming.


https://blog.kaspersky.com/feed/